|Topic||Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2|
|CWE Impact||CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')|
|Affects||Guardian, CMC < v22.6.2|
|CVE Risk Level||Medium|
|Risk Level for Nozomi customers||Low|
Guardian, CMC < v22.6.2
Use internal firewall features to limit access to the web management interface.
Upgrade to v22.6.2 or later.
We thank the following parties for their efforts: